REVIEW OF NRC’S SEPARATION-CLEARANCE PROCESS FOR EXITING STAFF AND CONTRACTORS

OIG/99A-06 July 20, 1999

July 20, 1999

MEMORANDUM TO: William D. Travers
               Executive Director for Operations

               Stewart T. Reiter
               Acting Chief Information Officer

FROM:          Thomas J. Barchi
               Assistant Inspector General for Audits

SUBJECT:       REVIEW OF NRC’S SEPARATION-CLEARANCE PROCESS FOR EXITING STAFF AND CONTRACTORS

Attached is the Office of the Inspector General’s (OIG) audit report titled “Review of NRC’s Separation-Clearance Process for Exiting Staff and Contractors.” This review was initiated after OIG learned of several cases where local area network accounts had not been deleted for former employees and contractors of the agency.

On June 2, 1999, we provided a draft of this report to the Executive Director for Operations and the Chief Information Officer. On July 9, 1999, the Deputy Executive Director for Management Services responded to our draft report and agreed with the report’s recommendations.

Please contact me on 415-5915 if we can assist you further in this matter.

Attachment: As stated

REPORT SYNOPSIS

The Office of the Inspector General initiated a review of the U.S. Nuclear Regulatory Commission’s (NRC) separation-clearance process after learning of several cases where local area network (LAN) accounts for former employees and contractors had not been deleted.
Moreover, we identified one former employee who could still access an NRC LAN account and the files of the employee’s former office. The agency’s separation-clearance process contains a step intended to trigger the termination of LAN accounts for employees who separate from the agency. However, we were concerned that the step was not achieving its intended purpose and about the risks involved in unintentionally allowing former employees/contractors to have access to sensitive, non-public agency information. We were also concerned that other steps in the process might not be achieving their intended purposes. Our objectives for the audit were to determine (1) whether the agency was terminating employee/contractor access to the LAN in a timely manner after those individuals ended their employment with NRC, and (2) whether other steps in the separation-clearance process were being fulfilled as intended.

In general, NRC’s separation-clearance process appears to be working to prevent employees from terminating their employment without repaying debts owed to NRC. However, the process has failed to ensure the consistent, timely termination of LAN accounts when employees and contractors stop working for NRC. In addition, the process is duplicative in parts, some clearing officials do not carry out the process as NRC managers expect them to or as guidance prescribes, and agency guidance on the topic is sometimes conflicting.

We found that the separation-clearance process does not directly trigger termination of LAN accounts at headquarters. We also noted an absence of clear guidance on the separation-clearance process in general, and the LAN-related steps in particular.
We believe the manner in which the separation-clearance process is carried out and the lack of clear guidance contribute to the failure to delete LAN accounts in a timely manner. We also believe that the other problems we identified with regard to the separation-clearance process result from (1) no single office taking responsibility for guiding the process and ensuring maximum efficiency, and (2) a lack of specific written guidance.

Our report makes four recommendations to improve the agency’s separation-clearance process and ensure that it remains current with agency operations.

TABLE OF CONTENTS

REPORT SYNOPSIS
INTRODUCTION
    BACKGROUND
FINDINGS
    LAN ACCOUNTS NOT CONSISTENTLY TERMINATED FOR SEPARATING EMPLOYEES AND CONTRACTORS
    SEPARATION-CLEARANCE PROCESS REFLECTS THAT NO ONE OFFICE HAS TAKEN CHARGE
CONCLUSION
RECOMMENDATIONS
OIG COMMENTS ON AGENCY RESPONSE

APPENDICES
    I    OBJECTIVES, SCOPE, AND METHODOLOGY
    II   NRC FORM 270, “SEPARATION CLEARANCE”
    III  AGENCY RESPONSE TO DRAFT REPORT
    IV   NRC ORGANIZATIONAL CHART
    V    MAJOR CONTRIBUTORS TO THIS REPORT
    VI   GLOSSARY: OFFICE OF THE INSPECTOR GENERAL PRODUCTS

INTRODUCTION

The Office of the Inspector General initiated a review of the U.S. Nuclear Regulatory Commission’s (NRC) separation-clearance process after learning of several cases where local area network (LAN) accounts had not been deleted for former employees and contractors of the agency. Moreover, we identified one former employee who could still access an NRC LAN account and the files of the employee’s former office. The agency’s separation-clearance process contains a step intended to trigger the termination of LAN accounts for employees who separate from the agency. However, we were concerned that the step was not achieving its purpose. We were also concerned about the risks involved in unintentionally allowing former employees/contractors to have access to sensitive, non-public agency information.

Furthermore, we learned that the separation-clearance process is not addressed in NRC’s Management Directives or comprehensively in any other agency guidance.
Given this lack of instruction on the process, and the presence of LAN accounts for former employees and contractors, we became concerned as to whether other steps in the process were being fulfilled as intended.

Our objectives for this audit were to determine (1) whether the agency was terminating employee/contractor access to the LAN in a timely manner after those individuals ended their employment with NRC, and (2) whether other steps in NRC’s separation-clearance process were being fulfilled as intended. Appendix I contains additional information on our objectives, scope, and methodology.

    BACKGROUND

In preparing to terminate their NRC employment, staff members must obtain a number of clearances before they receive their final salary payments. The organizational units that clear separating employees and the items to be cleared are specified on NRC Form 270, “Separation Clearance” (see Appendix II).

Currently, there is no Management Directive addressing the separation-clearance process.
A manual chapter addressing the topic was abolished in August 1994 because responsible managers felt that the manual chapter merely repeated information already included on Form 270, and that the form could stand alone. The Office of Human Resources (HR) now provides separating employees with an instruction sheet to help guide them through the separation-clearance process. The instruction sheet lists the organizational units responsible for clearing employees at each step of the process as well as the name, location, and telephone extension for the clearing official. Generally, in carrying out the process, the employee’s home office handles the initial clearance steps on the form and then the separating employee hand carries the form to clearing officials representing each of the remaining steps on the form to obtain their clearance signatures. Form 270 was most recently updated in December 1998.

Contractors do not follow the same separation-clearance process as NRC employees, but NRC requires that their badges be returned and their LAN access terminated when they stop working for the agency.

FINDINGS

In general, NRC’s separation-clearance process appears to be working to prevent employees from terminating their employment without repaying debts owed to NRC. However, the process has failed to ensure the consistent, timely termination of LAN accounts when employees and contractors stop working for NRC.
In addition, the process is duplicative in parts, some clearing officials do not carry out the process as NRC managers expect them to or as guidance prescribes, and agency guidance on the topic is sometimes conflicting. In this section, we will discuss our findings (1) regarding the termination of employee and contractor LAN accounts upon separation from the agency and (2) concerning the process in general.

    LAN ACCOUNTS NOT CONSISTENTLY TERMINATED FOR SEPARATING EMPLOYEES AND CONTRACTORS

LAN accounts are not always terminated in a timely manner after NRC staff and contractors end their employment with the agency. Furthermore, agency guidance on the separation-clearance process is unclear and key players in the process do not always carry out the process as intended. Failure to terminate LAN accounts in a timely manner creates a threat to sensitive information stored on the LAN and a scenario where abuse could occur.
This is particularly important, given the pending implementation of the Agencywide Documents Access and Management System (ADAMS) as the agency’s electronic recordkeeping system.

According to an NRC Management Directive,(1) LAN user identifications (ID’s) must be invalidated (removed from the automated information system) for various reasons, including termination of employment or contract. While the agency does not prescribe a time by which removal should occur, it seems logical that termination of electronic access to the agency’s files should be treated in a manner similar to termination of physical access to agency facilities when an employee or contractor stops working for NRC. Interestingly, another Management Directive,(2) which addresses physical access to NRC facilities, does not prescribe a specific time frame for termination of access authorization when an NRC staff member leaves the agency. Nevertheless, in practice, and as reflected on NRC Form 270, “Separation Clearance,” employee key card badges, which are required for access to NRC facilities, must be submitted before an employee can be cleared to receive his or her last paycheck. Badge return typically occurs on the employee’s last day of work at NRC.

(1) Guidance on termination of LAN access appears in Handbook 12.5, NRC Management Directive Volume 12, Security.

While termination of an employee’s LAN access on his or her last day of work would seem to be a reasonable goal, this is not the general practice at NRC. At headquarters, the separation-clearance process does not directly trigger termination of LAN accounts. Office of the Chief Information Officer (OCIO) managers say that they expect, and depend on, office LAN Managers and Information Technology (IT) Coordinators to inform them when an employee or contractor is leaving so that they can terminate the account. While the separation-clearance form requires the employing office to notify its “LAN Manager” at the start of the separation-clearance process for each separating employee, there is no signoff to indicate that this individual has notified OCIO of the pending separation. According to OCIO managers, upon such notification, the terminated employee’s account would be deleted, ideally, within a day. However, they said, such notification does not always occur, particularly with regard to contractors. Therefore, as a backup, OCIO managers responsible for the LAN periodically receive a list of employees and contractors who have stopped working for the agency and who have turned in their badges to the Division of Facilities and Security (DFS).
Due to the periodicity with which OCIO has received this list, they acknowledged the possibility of lag times with regard to deletion of LAN accounts.(3)

(2) Guidance on termination of physical access to NRC facilities appears in Handbook 12.3, NRC Management Directive Volume 12, Security.

(3) During the course of OIG’s audit, an OCIO manager reported that OCIO had streamlined the process by which it received HR’s “loss list” of employees who have separated from NRC during the week and is using it each week as a basis for removing employee names from the LAN. OCIO also reported having plans to receive, on a regular basis, the DFS list of employees and contractors who have turned in their badges due to separation. According to the OCIO manager, the lists will be given to the Network Control Center (NCC) and NCC staff will be required to delete LAN accounts for these individuals within 2 working days.

In an effort to assess whether a significant number of former employees still appeared to have LAN accounts after termination of employment, we searched in the GroupWise address book for the names of employees who separated from NRC during fiscal year 1998. Of 231 employees who separated from the agency during that time frame, 32 (14 percent) still had e-mail addresses on NRC’s LAN at headquarters. In addition, we sent test messages to half of these individuals and received indication from GroupWise that all had been delivered.
Furthermore, at least one of these individuals still had access to an NRC LAN account and could retrieve e-mail and open files maintained by the employee’s former office.

According to OCIO managers, the appearance of former employees’ names on the LAN does not necessarily indicate an active LAN account. They said that sometimes former employee names and user ID’s remain on the list because of special requests made by offices to disable, rather than delete, the accounts of former employees. In such cases, the former employee’s name is kept on the LAN, but his or her password is changed. As a result, the person’s network access is terminated. The OCIO managers said that, in some cases, there may be a failure to ultimately delete these accounts, resulting in the appearance of former employee names in the address book.

In comparison to the process at headquarters, the regional offices we contacted for this review described strategies that more closely linked a step on the Form 270 to the actual deletion of LAN accounts. Reportedly, in these regions, a clearing official’s signature on the separation-clearance form indicates that this person will immediately contact the region’s LAN Administrator to request either disabling or termination of the LAN account.
According to those interviewed, disabling and termination (in some cases) of accounts typically occurs within 1 working day of the employee’s last day at work.

There is an absence of clear guidance on the separation-clearance process in general, and the LAN-related steps in particular. We believe this void contributes to the failure to delete LAN accounts consistently in a timely manner. First, as mentioned earlier, there is no single management directive addressing the separation-clearance process overall and the purpose of each step in the process. While employees are expected to go through the separation-clearance process prior to termination, there is no similar process for contractors. While OCIO staff expect office LAN Managers/IT Coordinators to notify them when a contractor stops working for the agency, the current “guidance” on the subject is contained in contract language and does not support this expectation. This contract language requires only that DFS be notified when a contractor no longer requires access to NRC sensitive automated information systems and data.
While the contract language does not specify who should notify DFS, we were told it is typically the project officer who provides this notification.

Second, the existing guidance on termination of LAN accounts neither prescribes a time frame or process for achieving termination of LAN accounts nor explains either of the two LAN-related steps on the separation-clearance form. While one step on the form, “ADP Equipment and Software/AUTOS Password Cancelled,” suggests it might be a trigger point for cancellation of LAN accounts, the step is not used for that purpose. It should be noted that the regions we contacted for this review had modified the Form 270 in such a manner to more clearly identify a LAN account termination step on the form. Additionally, the staff people considered by OCIO to be responsible for informing OCIO about LAN account termination requests have not received clear or consistent guidance on this expectation.

A third area of concern related to guidance is that the instruction sheet prepared by HR to complement Form 270 is inconsistent with information provided on the form itself.
For example, Form 270 states that the clearing unit for step 8 of the process (“ADP Equipment and Software/AUTOS Password Cancelled”) is the “Office IT Coordinator,” while the HR instruction sheet states it is the “Office Automation & Network Development/CIO.” Adding to the confusion is that Form 270 implies that the clearing official for step 8 is the “Office IT Coordinator,” whereas the HR instruction sheet states that the clearing official is the “Home Office Custodian.”

Failure to terminate LAN accounts of former employees and contractors in a timely manner creates an unnecessary risk to the agency’s sensitive information stored on the network. The risk will be potentially magnified further when ADAMS is implemented as the agency’s electronic recordkeeping system. Furthermore, leaving the names of former employees on the LAN, even if the accounts have been “disabled,” creates a false impression that a message sent to that individual will be received.

    SEPARATION-CLEARANCE PROCESS REFLECTS THAT NO ONE OFFICE HAS TAKEN CHARGE

In addition to reviewing the specific portion of the separation-clearance process pertaining to termination of LAN access, we reviewed the overall clearance process to determine whether there were other areas of concern. We found that agency guidance on the process is unclear and there has been no single office that has taken responsibility for the overall process.
As a result, we believe the process takes longer than necessary, is not always carried out as intended, and creates the potential for NRC to miss opportunities for collecting debts and removing employees from access lists.

As reflected on Form 270, and as stated in an abolished manual chapter on the subject, the purpose of the separation-clearance process is “to assure that persons separating from employment or being reassigned obtain the necessary clearances before they receive their final salary payments.” While there is no agency guidance setting a standard for how the process is to be carried out, it seems appropriate that NRC’s separation-clearance process should be purposeful, efficient, non-duplicative, consistent, and in line with present-day needs.

While we found that the separation-clearance forms are completed in most cases for separating employees, clearing officials know what they are supposed to do in order to sign off, and the agency is not having problems collecting debts owed to it by former employees -- the process could be improved. In addition to the issues we described relating to the termination of LAN accounts, we identified two steps concerning property on the separation-clearance form that could be consolidated into one.
We noted two steps that are worded inaccurately, reflecting directions that may have been appropriate in the past, but which are no longer applicable. We also found cases where regional staff are submitting forms that are no longer required by headquarters as part of the clearance process. Further, we observed a lack of specific written instructions for clearing officials describing the steps required to clear employees.

Moreover, we identified inconsistencies between instructions on the form and the way the process is carried out. For example, while Form 270 directs regional staff separating from employment to obtain local regional office clearances for all applicable items except three specific fiscal matters, this is not the way the regional forms are handled. Additionally, Form 270 asks regional offices to telefax a copy of a separating employee’s separation-clearance form to the Payroll Office in headquarters when the employee begins the clearance process. In many cases, this is not occurring. While we did not identify any negative consequences that resulted from this discrepancy, it causes one to question the value of the guidance.

We also noted discrepancies between the form and the instruction sheet provided by HR to help guide employees through the separation-clearance process.
While Form 270 instructs headquarters employees, after their exit interview with HR, to “hand carry this form to the Payroll Operations Section, OC,”(4) the HR instruction sheet contains a prominent note to employees to “leave your NRC Form 270 with the Human Resources Specialist after your debriefing.” Perhaps the most notable error on the Form 270 itself is its reference to a non-existent NRC Management Directive 10.8, presumably for guidance on the separation-clearance process.

(4) As part of NRC’s reorganization of January 5, 1997, the Office of the Controller (OC) was incorporated into the newly created Office of the Chief Financial Officer.

Our review also raised questions as to whether the current clearance process ensures account termination as appropriate in all agency automated information systems. For example, we noted several cases where the names of former employees remained in an office time and attendance (T&A) group on the PAY/PERS system, potentially creating a false impression that the employees still were in that T&A group.

We also found that while there is a paperwork process to clear NRC employees, there is no similar process for contractors who stop working for the agency. NRC has over the past several years made efforts to tighten the controls over contractor access to the agency.
At present, contract project officers are expected to notify DFS when a contractor stops working for the agency. Yet, it was reported to us that project officers do not consistently carry out this duty.

Finally, on a positive note, we observed that three of the regional offices have modified the separation-clearance form to suit their specific needs. For example, regions have added steps for such items as conflict-of-interest debriefings, removal from site access lists, issuance of radiation dosimetry, and exit interviews with the regional administrator.

We believe that the problems identified regarding the separation-clearance process result from (1) no single office taking responsibility for guiding the process and ensuring maximum efficiency, and (2) a lack of specific written guidance on the subject. According to one HR manager, the separation-clearance form just seems to have evolved over time, based on input from the offices responsible for steps in the clearance process.
However, HR does coordinate the process by which changes, additions, or deletions are made to the form.

Taken separately, each of the problems we identified may seem inconsequential; yet, as a whole, they reflect a process that is not being closely monitored and which could result in problems for the agency at a future date.

CONCLUSION

Although NRC’s separation-clearance process appears to be working in a general sense to prevent employees from terminating their employment without repaying debts owed to NRC, the process is not resulting in the consistent termination of LAN accounts for employees and contractors who stop working for the agency. The process also suffers from a lack of clear guidance and no single office taking charge of it to ensure that it fits current agency needs. An inefficient and outdated process could result in threats to sensitive agency information and to loss of money for the agency.

RECOMMENDATIONS

To improve the efficiency of the agency’s separation-clearance process, we recommend that the Executive Director for Operations (EDO):

1)  Revise the current Form 270 to eliminate duplication and include any new steps that would be appropriate for inclusion in the process, including termination of access to all automated information systems. This revision should incorporate a more direct link between termination of LAN accounts and the 270 process.
    The EDO should also examine all instructions on the form and the accompanying instruction sheet and ensure that each reflects current and accurate information.

2)  Develop a Management Directive on the separation-clearance process, detailing the purpose of each step, regional responsibilities, and contractor issues. This guidance should also specify time frames for completion of actions triggered by the form (e.g., termination of LAN accounts).

3)  On a regular basis, review the Form 270 to ensure it is current and consistent with agency operations.

4)  Consider placing primary responsibility and accountability for obtaining necessary clearances on a designated entity (e.g., home office, HR) other than the separating employee. In addition, look for ways to automate the clearance process.

OIG COMMENTS ON AGENCY RESPONSE

On July 9, 1999, the Deputy Executive Director for Management Services (DEDM) responded to our draft report. The DEDM agreed with our four recommendations and presented the corrective actions planned to address our concerns and time frames for the completion or initiation of these measures.

The response also included a comment attributed to the Chief Information Officer (CIO) pertaining to recommendation 1.
While the CIO concurred with the
recommendation, he stated that “methods used by OIG to quantify the problem
may be inaccurate.” We take strong exception to the CIO’s comment. As we
stated in our report, we found that 14 percent of the employees who separated
from NRC during FY 1998 still had e-mail addresses on NRC’s LAN at
headquarters. We sent test messages to half of these individuals and received
indication that all had been “delivered.” Despite these findings, we did not
characterize these accounts as active or say that former employees could access
them. However, we identified one former employee who still had access to an
NRC LAN account and could retrieve e-mail and open files maintained by the
employee’s former office. This proves that NRC needs to take greater measures
to protect its information from the threat of unauthorized access and tampering.
Furthermore, we presented this quantifiable information to the CIO at the audit
entrance conference. Neither at that time nor during the entire course of the audit
did the CIO or his staff question or disagree with our methods for “quantifying the
problem.” Furthermore, we reiterated this information at the audit exit conference
and, again, no one raised any objections to our methodology.
Therefore, we
continue to believe our methodology for quantifying this problem was both
appropriate and accurate.

Finally, the CIO concludes his comment by saying that “under many circumstances”
it is a “prudent course of action” to preserve former employee accounts and their
functions while changing the account passwords. We understand that it may
sometimes be necessary to preserve such accounts, and that changing the
account password is a method for preventing the former employee from accessing
the account. However, we caution against OCIO’s practice of leaving the names
of former employees on the LAN. Even if the individual no longer has access, the
appearance of a former employee’s name on the address list can provide people
who send messages to this address with the mistaken impression that the
message was “delivered” to the former employee.
If OCIO makes the effort to
change the password to access the account, we believe they could also change
the name on the account to more accurately reflect the recipient of messages sent
to that e-mail address, and thereby prevent the dissemination of erroneous
information.

Appendix I

OBJECTIVES, SCOPE, AND METHODOLOGY

The objectives of our audit were to 1) determine whether the agency is terminating
employee/contractor access to the local area network (LAN) in a timely manner
after those individuals end their employment with U.S. Nuclear Regulatory
Commission (NRC), and 2) determine whether other steps in NRC’s
separation-clearance process are being fulfilled as intended.

To explore these issues, we talked with headquarters clearing officials representing
each step of the Form 270 clearance process to determine the purpose of the step,
the strategy for ensuring clearance, and their understanding of the step.
We also
spoke with several clearing officials in Regions I, II, and III and in the Technical
Training Center in Chattanooga, Tennessee, to learn about their approaches with
regard to termination of LAN and facility access in particular.

In addition, we interviewed Office of Human Resources, Office of the Chief
Information Officer, and Office of the Chief Financial Officer staff to gain more
information about the separation-clearance process in general, the LAN access
step, and the methods by which NRC recovers debts from separated employees.

Our audit was conducted from December 1998 to April 1999 in accordance with
generally accepted Government auditing standards.

Appendix II

Appendix III

Appendix IV

NRC ORGANIZATIONAL CHART

Appendix V

MAJOR CONTRIBUTORS TO THIS REPORT

Corenthis B. Kelley
Team Leader

Judy G. Gordon
Management Analyst

Appendix VI

GLOSSARY: OFFICE OF THE INSPECTOR GENERAL PRODUCTS

INVESTIGATIVE

1.   INVESTIGATIVE REPORT - WHITE COVER
     An Investigative Report documents pertinent facts of a case and describes available evidence
     relevant to allegations against individuals, including aspects of an allegation not substantiated.
     Investigative reports do not recommend disciplinary action against individual employees.
     Investigative reports are sensitive documents and contain information subject to the Privacy Act
     restrictions. Reports are given to officials and managers who have a need to know in order to
     properly determine whether administrative action is warranted.
     The agency is expected to advise
     the OIG within 90 days of receiving the investigative report as to what disciplinary or other action
     has been taken in response to investigative report findings.

2.   EVENT INQUIRY - GREEN COVER
     The Event Inquiry is an investigative product that documents the examination of events or
     agency actions that do not focus specifically on individual misconduct. These reports identify
     institutional weaknesses that led to or allowed a problem to occur. The agency is requested to
     advise the OIG of managerial initiatives taken in response to issues identified in these reports
     but tracking its recommendations is not required.

3.   MANAGEMENT IMPLICATIONS REPORT (MIR) - MEMORANDUM
     MIRs provide a "ROOT CAUSE" analysis sufficient for managers to facilitate correction of
     problems and to avoid similar issues in the future. Agency tracking of recommendations is not
     required.

AUDIT

4.   AUDIT REPORT - BLUE COVER
     An Audit Report is the documentation of the review, recommendations, and findings resulting
     from an objective assessment of a program, function, or activity. Audits follow a defined
     procedure that allows for agency review and comment on draft audit reports. The audit results
     are also reported in the OIG's "Semiannual Report" to the Congress. Tracking of audit report
     recommendations and agency response is required.

5.   SPECIAL EVALUATION REPORT - BURGUNDY COVER
     A Special Evaluation Report documents the results of short-term, limited assessments. It
     provides an initial, quick response to a question or issue, and data to determine whether an
     in-depth independent audit should be planned. Agency tracking of recommendations is not
     required.

REGULATORY

6.   REGULATORY COMMENTARY - BROWN COVER
     Regulatory Commentary is the review of existing and proposed legislation, regulations, and
     policies so as to assist the agency in preventing and detecting fraud, waste, and abuse in
     programs and operations. Commentaries cite the IG Act as authority for the review, state the
     specific law, regulation or policy examined and the pertinent background information considered,
     and identify OIG concerns, observations, and objections. Significant observations regarding action
     or inaction by the agency are reported in the OIG Semiannual Report to Congress. Each report
     indicates whether a response is required.